tempest/releasenotes
Leo Henken fd01d15d14 Fix test_novnc to adequately validate websocket upgrade
Currently, test_novnc validates the websocket upgrade by verifying
that the websocket response reports a protocol switch and that the
response includes a server name specified in the configuration
field vnc_server_header. This explicit server name configuration
field introduces a security concern and convolutes the code base.

HTTP RFC7231 (https://tools.ietf.org/html/rfc7231) section 6.2.2
says that when switching protocols, the response "MUST generate
an Upgrade header field that indicates which protocols will be
switched to".

This patchset uses this required Upgrade field to validate the
websocket upgrade instead of an environment-based configuration
field, making the code base cleaner, safer, and more reliable.

vnc_server_header is deprecated and necessary release notes are
created.

Change-Id: I5d3c9bdd0d20a15ade672f276dd0f24b654e3de5
Closes-bug: #1838777
Closes-bug: #1840788
2019-08-23 10:29:05 +00:00
..
notes Fix test_novnc to adequately validate websocket upgrade 2019-08-23 10:29:05 +00:00
source Add release notes page for version 21.0.0 2019-07-27 12:05:18 +00:00